Comment Re:Futurama is finally here!! (Score 1) 151
If you don't like that, try some Archduke Chocula.
(P.S. It appears that you beat me to it. I tip my hat to you, Sir)
Sending the account number out in a URL over SSL should not be that big of a hole
Exposing an internal ID in such fashion is not only foolish, but very much a beginner error. I would expect this from some half-assed forum software - not a bank. That said, I've worked for the government before, and seen the same stupid mistake repeated time and time again. A salted hash would have been a lot less idiotic. The fact that there was no authorization performed compounds the issue, however, and one wonders who these people hired to write their infrastructure.
Happiness is twin floppies.